There are two ways to hide yourself - to hide and be quite or to be in a crowd. I think the same can be said about security risks in IT. Usually we hear about huge attacks, when companies lose a lot of money. Everyone talks about them. Companies send new regulation to workers and so on, and so on... As result we taught to withstand huge and separate attacks on corporations. From the other side, there is a silent enemy, which is everywhere and basically we do nothing with it. It is so common for us to get SPAM messages, calls, offers to invest money into International Corporation of Nothing, promises of huge income, which we can't imagine and wan't see, proposals to install new super-tool and win a lottery, that a part humanity(which more or less educated in IT) don't even react on such mails and calls, while another part is looking for some luck. Therefore the amount of victims grows every year and this evident enemy holds positions. (spam and phishing reports) . ...